Headline
GHSA-475v-pq2g-fp9g: s2n-quic potential denial of service via crafted stream frames
Impact
An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits.
Impacted versions: <= v1.30.0.
Patches
The patch is included in v1.31.0 [1].
Workarounds
There is no workaround. Applications using s2n-quic should upgrade to the most recent release of s2n-quic.
If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page [2] or directly via email to [email protected]. Please do not create a public GitHub issue.
[1] https://github.com/aws/s2n-quic/releases/tag/v1.31.0
[2] https://aws.amazon.com/security/vulnerability-reporting
Package
cargo s2n-quic (Rust)
Affected versions
<= 1.30.0
Patched versions
1.31.0
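To act on the upgrade advice, a project can check whether its `Cargo.lock` pins an affected release. The following is an added example, not code from the advisory or the s2n-quic project; the function names and the sample lockfile are constructed for illustration, and it assumes the standard `[[package]]` layout of `Cargo.lock`.

```rust
// Added example (not s2n-quic project code): flag s2n-quic below the patched 1.31.0.
const PATCHED: (u64, u64, u64) = (1, 31, 0);

#[derive(Debug, PartialEq)]
enum Status { Affected, Patched, Unparsed }

// Constructed sample lockfile; the s2n-quic-core entry must not be matched.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "s2n-quic"
version = "1.30.0"

[[package]]
name = "s2n-quic-core"
version = "0.30.0"
"#;

// Strict MAJOR.MINOR.PATCH; anything else (e.g. a pre-release tag) returns None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.split('.').map(|p| p.parse::<u64>().ok());
    let ver = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(ver) }
}

// Extract VALUE from a `key = "VALUE"` line.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

// Cargo.lock lists `name` before `version` in each [[package]] table.
fn check_lockfile(lock: &str) -> Vec<(String, Status)> {
    let (mut found, mut name) = (Vec::new(), "");
    for line in lock.lines() {
        if let Some(n) = quoted_value(line, "name") {
            name = n;
        } else if let (Some(v), "s2n-quic") = (quoted_value(line, "version"), name) {
            found.push((v.to_string(), match parse_version(v) {
                Some(ver) if ver < PATCHED => Status::Affected,
                Some(_) => Status::Patched,
                None => Status::Unparsed,
            }));
        }
    }
    found
}

fn main() {
    for (v, s) in check_lockfile(SAMPLE_LOCK) { println!("s2n-quic {}: {:?}", v, s); }
}
```

An `Unparsed` result means the version string was not a plain release number and should be reviewed by hand.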
References
- GHSA-475v-pq2g-fp9g
- aws/s2n-quic@73e66b0
- https://github.com/aws/s2n-quic/releases/tag/v1.31.0
goatgoose published to aws/s2n-quic
Nov 6, 2023
Published to the GitHub Advisory Database
Nov 8, 2023
Reviewed
Nov 8, 2023
Last updated
Nov 8, 2023